Category Archives: Food

Dr. Strangelove: How I Learned to Stop Worrying and Love the BeEF

Michele Orru just presented “Dr. Strangelove or: How I Learned to Stop Worrying and Love the BeEF” at the 2011 CONfidence in Krakow.

What will you do during a pentest if you should get access to some target internal resources while having no exploitable external ones for the escalation? Well, there could be many responses to this provocative sentence, starting from Social Engineering techniques to the exploitation of victims’ browsers inside the target.

We will see how BeEF can help resolve almost impossible pentest situations while directly exploiting the victims inside the target, using their machines as a pivot to gather access to internal as well as external resources, and how it’s much easier now to extend BeEF functionality by writing your own modules to suit your needs.

Great stuff, and not just because every conference should have at least one presentation modelled after Dr. Strangelove. This could actually spark a contest that spans security conferences — each one gives an award for best Dr. Strangelove security talk.

Although I’m obviously biased I would like to think my comparison to Stuxnet hysteria I presented earlier this year was more historically aimed and made more sense as a threat analysis.

Is anyone, and I mean anyone, really so worried about the Browser Exploitation Framework (BeEF) that they are proposing changes to national security? I don’t see it. Seems to me more of the opposite reaction to the BeEF — browser exploits are out there, and BeEF is doing what BeEF does…mooing and grazing and dumping excrement (filling logs).

If it were my choice I might have tried “BeEF, the other pentest meat”, “BeEF, it’s what’s for pentests”, “What’s on your (zombie) grill?” or even “Ground BeEF: Cutting the legs off a browser”.

But on the other hand I admit I’m still in favour of as many presentations using Dr. Strangelove as possible to drive the message. The more Strangelove the better.

In related news, the presentation talked about the effort to port BeEF from PHP to Ruby. I vote they rename the new Ruby version “DeCalf” (e.g. not written in Java).

The Pissalyzer

A beer company in Italy has created a heat-activated coaster-sized sticker that fits in urinals for men. If they pass more than a pint’s worth of liquid the sticker reveals a message that says they should call a cab.

…after 25 seconds of pee – a length of time at the urinal that would only occur if the person relieving themself had drunk more than one pint of beer (the Italian drink-drive limit).

I am sure bars also like it because it reduces the cost of cleaning the men’s toilets.

Denmark Bans Cereal Killer: Marmite

Maybe they have a different reason than what I explored at length in the case of America’s ban on Vegemite. It reads very similar to me at first glance:

It is unclear exactly why the Danish authorities have launched a crackdown on foods with too many vitamins.

But Marmite now joins the ranks of Australian alternative Vegemite, Horlicks, Ovaltine and Farley’s Rusks – all products the Danes have an apparent aversion to.

The anger expressed from the British seems to head towards the whole continent.

The ban highlights the absurdity of the EU which states that it is a legal product, but which has no authority over nation states about what can and cannot be sold.

I wouldn’t go so far as to say a Marmite ban highlights the absurdity of the EU.

It appears to be a situation where a state reserves the right to regulate a subset of the total legal products available to them. This is like if Kansas banned beer even though the US federal rules said beer is legal.

It highlights peculiar food and health standards in Denmark but does not appear to tarnish the relationship between Denmark and the EU.

At least you can still go to England and buy it…for now.

Skunkx DDoS Bot Nationality

Jose Nazario provides an excellent summary on the Arbor blog of a bot that spreads via USB and instant messenger. He starts with a note on anti-Sino bias often found in American security analysis.

Lest you think all of the DDoS bots we focus on come only from China, we found one that appears to be from the US.

It appears to be from the US, but it still has links to the countries where it is easier to evade law enforcement.

His servers that he has used go back to “Net-0x2a: Zharkov Mukola Mukolayovuch” in the Ukraine, and also “PIRADIUS” in Malaysia. This is someone familiar with underground hosting, it seems.

It sounds much less American now. Don’t let it slip away, Jose.

Inspection of the bots we captured shows a handful of user-agents (my favorite is the Cyberdog one!) and HTTP headers that appear distinctive, enabling us to detect its traffic selectively. The author appears to have imported Slowloris’ attack method without any modification.

We have also been sinkholing this botnet. Inspection shows hundreds of bots checking in from around the world, with most in the US.

Aha! I can’t overstate the importance of including the lineage in an attack analysis. But even more to the point, Cyberdog is an obviously American reference. I remember in the late 90s when Steve Jobs said he put a “bullet through the head” of Cyberdog.

And now Cyberdog is back, as a zombie! I bet Steve didn’t see that coming.

But seriously, a Chinese user-agent is unlikely to be Cyberdog. It might be ç‹—å±  or maybe called Sundog, if Chinese, but I doubt Cyberdog.

Even more seriously, the speculation about nationality just forces me to wonder if the common definition of a nation is being pushed too far to fit these scenarios.

It’s relevant to law enforcement and financial take-down operations but, when it comes to explaining where a bot is “from”, are we at risk of shoving a square peg into a round hole?

Maybe I’m getting stuck on this idea of nationality linked to a product because it brings to mind how some say Budweiser is from America, instead of the Czech Republic. I mean Cheddar cheese has to be from Cheddar, England, right?